Final Review CCNA
8/8/2019
OSI Reference Points

OSI Layer      Data Flow Layer   PDU Name              Network Device
Application    Upper             PDU or Message        -
Presentation   Upper             PDU or Message        -
Session        Upper             PDU or Message        -
Transport      Data Flow         Segment               -
Network        Data Flow         Packet or Datagram    Multilayer switch or router
Data Link      Data Flow         Frame                 Switch or bridge
Physical       Data Flow         Bits and signaling    Hub
OSI Layers

Application
  Purpose: Provides services to network applications. This layer is responsible for determining resource availability, identifying communication peers, and synchronizing communication between the applications.
  Examples: Simple Mail Transfer Protocol (SMTP), Telnet, File Transfer Protocol (FTP), Trivial File Transfer Protocol (TFTP), HyperText Transfer Protocol (HTTP)

Presentation
  Purpose: Provides the coding and conversion functions that are applied to the data to and from the Application layer. This layer ensures that a common scheme is used to encode the data between the two ends. The examples below are by no means complete: text can be ASCII or EBCDIC, images can be JPEG, GIF, or TIFF, sound and video can be MPEG or QuickTime.
  Examples: ASCII (text), EBCDIC (text), JPEG (image), GIF (image), TIFF (image), MPEG (sound/video), QuickTime (sound/video)

Session
  Purpose: Maintains communication sessions between upper-layer applications. This layer is responsible for establishing, maintaining, and terminating such sessions.
  Examples: Session Control Protocol (SCP), Remote Procedure Call (RPC) from Unix, Zone Information Protocol (ZIP) from AppleTalk

Transport
  Purpose: Responsible for end-to-end data transmission. These communications can be either reliable (connection-oriented) or non-reliable (connectionless). This layer organizes data from various upper-layer applications into data streams. The transport layer also handles end-to-end flow control, multiplexing, virtual circuit management, and error checking and recovery.
  Examples: Transmission Control Protocol (TCP) from the IP suite, User Datagram Protocol (UDP) from the IP suite

Network
  Purpose: Uses administrator-defined logical addressing to combine many data flows into an internetwork. This layer allows both connection-oriented and connectionless data flows to access the network. The network layer addresses help define a network hierarchy; network devices are normally grouped together based on their common Network Layer address.
  Examples: Internet Protocol (IP)
Data Link
  Purpose: Provides either reliable or non-reliable transmission of data across a physical medium. Most networks use a non-reliable data link layer, such as Ethernet or Token Ring. The Data Link Layer gives each device a physical address called a Media Access Control (MAC) address; MAC addresses are typically burned into the network interface card (NIC). The Data Link Layer also uses Logical Link Control (LLC) to identify which Network Layer protocol is carried inside the frame.
  Examples: LAN: Ethernet/IEEE 802.3 (including Fast Ethernet), 802.3z (Gigabit Ethernet), Token Ring/IEEE 802.5, FDDI (from ANSI). WAN: High-Level Data Link Control (HDLC), Point-to-Point Protocol (PPP), Frame Relay

Physical
  Purpose: Defines the electrical, mechanical, and functional specifications for maintaining a physical link between network devices. This layer is responsible for such characteristics as voltage levels, timing and clock rates, maximum transmission distances, and the physical connectors used.
  Examples: LAN: Category 3 cabling, Category 5 cabling. WAN: EIA/TIA-232, EIA/TIA-449, V.35
TCP/IP Layers

Protocol                              OSI Reference               Function
Transmission Control Protocol (TCP)   Transport layer (Layer 4)   Reliable, connection-oriented. Uses sequence and acknowledgement numbers to provide reliability, and verifies that the remote end is listening before sending data (three-way handshake).
User Datagram Protocol (UDP)          Transport layer (Layer 4)   Non-reliable, connectionless. No sequence or acknowledgement numbers and no far-end verification.
Internet Protocol (IP)                Network layer (Layer 3)     Provides the logical addressing structure. Offers connectionless, best-effort delivery of packets (datagrams).
IP Protocols

Protocol                                     Purpose
Internet Control Message Protocol (ICMP)     Provides control and feedback messages between IP devices.
Address Resolution Protocol (ARP)            Using a destination IP address, ARP resolves (discovers) the destination MAC (Layer 2) address to use. Maps a Layer 3 address to a Layer 2 address.
Reverse Address Resolution Protocol (RARP)   Using its own source MAC address, a host retrieves an IP address from a RARP server. Maps a source Layer 2 address to a Layer 3 address. RARP is an early form of BOOTP and DHCP.
IP Addresses

Class   First Binary Bits   Numerical Range   Number of Networks   Hosts per Network   Network Octets   Host Octets
A       0xxx                1-126*            126                  16.7 million        1 (N.H.H.H)      3
B       10xx                128-191           16 thousand          65 thousand         2 (N.N.H.H)      2
C       110x                192-223           2 million            254                 3 (N.N.N.H)      1
D**     1110                224-239           N/A                  N/A                 N/A              N/A
E**     1111                240-255           N/A                  N/A                 N/A              N/A

* 127 is reserved for loopback addresses.
** Class D is used for multicast group addressing; Class E is reserved for experimental (research) use only.

Default Subnet Masks
Default Class A mask   255.0.0.0       = N.H.H.H
Default Class B mask   255.255.0.0     = N.N.H.H
Default Class C mask   255.255.255.0   = N.N.N.H
6 Steps to Subnetting

Step   Rule                                                                 What is learned
1      Divide the prefix length (CIDR /n) by 8                              The quotient is how many octets are all ones (255); the remainder is the number of bits borrowed in the next octet, which is the octet to work with
2      Look the remainder up in the subnetting chart                        Subnet mask value and multiplier (block size) for the working octet
3      AND the working octet of the address with the mask value             Base (network) address
4      Add the multiplier to the base octet and subtract 1                  Broadcast address
5      Use the remainder n as the exponent in 2^n - 2                       Number of subnets (classic rule that excludes the all-zeros and all-ones subnets)
6      Subtract the remainder from 8 to get h, then use 2^h - 2             Number of hosts per subnet

Subnetting Chart

Borrowed (network) bits    1     2     3     4     5     6     7     8
Host bits (exponent)       7     6     5     4     3     2     1     0
Subnet mask value          128   192   224   240   248   252   254   255
Multiplier (2^exponent)    128   64    32    16    8     4     2     1
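The six steps above, worked in Python as an added example (not part of the original review sheet). The chart values are derived from the bit table rather than typed in, and steps 3 and 4 are cross-checked against Python's ipaddress module. The addresses used in the demo are constructed; the boundary case of a prefix that lands exactly on an octet (/8, /16, /24), which the six-step chart does not really cover, is handled explicitly.

```python
"""Six-step subnetting from the review sheet, worked in Python (added example)."""
from ipaddress import IPv4Network

# Step 2 lookup table: borrowed bits in the working octet -> (mask value, multiplier).
# 1 bit -> 128/128, 2 -> 192/64, ..., 7 -> 254/2, exactly the chart above.
SUBNET_CHART = {bits: (256 - 2 ** (8 - bits), 2 ** (8 - bits)) for bits in range(1, 8)}


def six_step_subnet(address: str, prefix: int) -> dict:
    """Return what a student writes down at each of the six steps for address/prefix.

    Prefixes on an octet boundary (/8, /16, /24) borrow no bits in the working
    octet, so the classic 2^n - 2 subnet count does not apply and is reported as None.
    """
    if not 8 <= prefix <= 30:
        raise ValueError("prefix must be /8../30 for the 2^h - 2 host rule to apply")
    octets = [int(o) for o in address.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad IPv4 address: {address!r}")

    # Step 1: divide by 8. The quotient counts the all-ones (255) octets, the
    # remainder is the number of borrowed bits in the octet being subnetted.
    full_octets, borrowed = divmod(prefix, 8)
    if borrowed:
        working = full_octets                               # 0-based index of the working octet
        mask_value, multiplier = SUBNET_CHART[borrowed]     # Step 2
    else:
        working = full_octets - 1                           # boundary case: last full octet
        mask_value, multiplier = 255, 1

    # Step 3: AND the working octet with the mask value; trailing octets become 0.
    base = octets[:working] + [octets[working] & mask_value] + [0] * (3 - working)
    # Step 4: base + multiplier - 1 in the working octet; trailing octets become 255.
    broadcast = octets[:working] + [base[working] + multiplier - 1] + [255] * (3 - working)
    # Step 5: 2^n - 2 subnets (classic rule: subnet zero and the all-ones subnet excluded).
    subnets = 2 ** borrowed - 2 if borrowed else None
    # Step 6: h = 8 - n host bits in the working octet, plus 8 per trailing host octet.
    host_bits = (8 - borrowed if borrowed else 0) + 8 * (3 - working)
    hosts = 2 ** host_bits - 2

    return {
        "working_octet": working + 1,  # 1-based, as on the worksheet
        "mask_value": mask_value,
        "multiplier": multiplier,
        "base": ".".join(map(str, base)),
        "broadcast": ".".join(map(str, broadcast)),
        "subnets": subnets,
        "hosts": hosts,
    }


def matches_ipaddress_module(address: str, prefix: int) -> bool:
    """Cross-check steps 3, 4 and 6 against the standard library."""
    result = six_step_subnet(address, prefix)
    net = IPv4Network(f"{address}/{prefix}", strict=False)
    return (result["base"] == str(net.network_address)
            and result["broadcast"] == str(net.broadcast_address)
            and result["hosts"] == net.num_addresses - 2)


if __name__ == "__main__":
    # Constructed addresses: a /27 in the 4th octet, a /20 in the 3rd, and a /24 boundary.
    for addr, plen in [("172.16.10.77", 27), ("10.1.200.33", 20), ("192.168.1.5", 24)]:
        print(f"{addr}/{plen}:", six_step_subnet(addr, plen),
              "ok" if matches_ipaddress_module(addr, plen) else "MISMATCH")
```

For 172.16.10.77/27 the function reports working octet 4, mask value 224, multiplier 32, base 172.16.10.64, broadcast 172.16.10.95, 6 subnets and 30 hosts, which is exactly what the chart method produces by hand.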
Possible Subnet Mask Values for One Octet

Decimal Mask   Binary Mask   Network Bits   Host Bits
0              00000000      0              8
128            10000000      1              7
192            11000000      2              6
224            11100000      3              5
240            11110000      4              4
248            11111000      5              3
252            11111100      6              2
254            11111110      7              1
255            11111111      8              0

Possible Class C Subnet Masks

Decimal Mask      Network Bits (s)   Host Bits (h)   Number of Subnets (2^s - 2)   Number of Hosts (2^h - 2)
255.255.255.0     0                  8               0                             254
255.255.255.128   1                  7               N/A                           N/A
255.255.255.192   2                  6               2                             62
255.255.255.224   3                  5               6                             30
255.255.255.240   4                  4               14                            14
255.255.255.248   5                  3               30                            6
255.255.255.252   6                  2               62                            2
255.255.255.254   7                  1               N/A                           N/A
255.255.255.255   8                  0               N/A                           N/A

The 2^s - 2 column follows the classic rule that discards the all-zeros and all-ones subnets. With ip subnet-zero (the default on current IOS) all 2^s subnets are usable, so 255.255.255.128 yields two subnets of 126 hosts.
Port Numbers
Well-known port numbers are 1-1023 (typically used by well-known server applications); ports 1024 and above are used as ephemeral (random) source ports, typically by the client side of a client/server application.

Application                                   Port      Transport
File Transfer Protocol (FTP)                  20/21     TCP
Telnet                                        23        TCP
Simple Mail Transfer Protocol (SMTP)          25        TCP
Domain Name System (DNS)                      53        TCP
Domain Name System (DNS)                      53        UDP
Trivial File Transfer Protocol (TFTP)         69        UDP
Simple Network Management Protocol (SNMP)     161/162   UDP
Routing Information Protocol (RIP)            520       UDP
Network Hierarchy

Core
  Purpose: Move network traffic as fast as possible. Characteristics include fast transport to enterprise services and no packet manipulation.
  Network devices: High-speed routers, multilayer switches

Distribution
  Purpose: Perform packet manipulation such as filtering (security), routing (path determination), and WAN access (frame conversion). The distribution layer collects the various access layers. Security is implemented here, as well as broadcast and multicast control. Media translation between LAN and WAN frame types also occurs here.
  Network devices: Routers

Access
  Purpose: Where end stations are introduced to the network. This is the entry point for virtually all workstations.
  Network devices: Switches, bridges, hubs
Half-Duplex vs. Full-Duplex

Half-Duplex
  - Network devices use the same pair of wires to both transmit and receive.
  - Only 50% of the available bandwidth is usable at a time, because sending and receiving share the same bandwidth.
  - Available bandwidth decreases as the number of devices in the collision domain increases.
  - Used through hubs (Layer 1 devices): everyone shares the available bandwidth.
  Default: 10 Mbps ports (auto-negotiated by default)

Full-Duplex
  - Uses one pair of wires for sending and another pair for receiving.
  - Effectively doubles the bandwidth: sending and receiving can happen at the same time.
  - Requires a point-to-point link, such as PC/server-to-switch or router-to-switch.
  - Each switch port is its own collision domain (dedicated bandwidth).
  Default: 100 Mbps ports (auto-negotiated by default)
LAN Segmentation = Dividing Up Collision Domains

Device   Abilities
Bridge   Examines the destination MAC address and makes filtering/forwarding decisions based on it. Unknown unicast, broadcast, and multicast frames are flooded out all ports except the one they arrived on. Each port of a bridge is a collision domain.
Switch   Examines the destination MAC address and makes filtering/forwarding decisions based on it. Unknown unicast, broadcast, and multicast frames are flooded out all ports within that VLAN except the one they arrived on. Each port of a switch is a collision domain. Each VLAN is a broadcast domain. Benefits include simplifying moves, adds, and changes, reducing administrative costs, controlling broadcasts, tightened security, load distribution, and the ability to move servers into a secure location.
Router   Examines the destination network (logical Layer 3) address and makes filtering/forwarding decisions based on it. Packets for unknown networks and Layer 2 broadcasts are discarded, not forwarded. Each port of a router is both a collision domain and a broadcast domain.
Comparison of Bridges and Switches

Bridges                         Switches
Software based                  Hardware based (port-level ASICs)
Relatively slow                 Comparatively fast
One STP instance per bridge     Possibly many STP instances per switch (one per VLAN)
Typically up to 16 ports        Possibly hundreds of ports
LAN Switch Functions

Address Learning
  Dynamically learns MAC addresses by reading the source MAC address of each arriving frame. If the address is not in the current MAC table, and there is space to store it, the address and the inbound port are recorded.

Forward/Filter
  Compares the destination MAC address of the arriving frame to the dynamically learned MAC table. If the address is in the table, the frame is forwarded only out the port listed there, filtering it from all other ports. If the destination MAC is not in the table (unknown unicast), or the frame is a broadcast or multicast, the frame is flooded out every port except the one it arrived on.

Loop Avoidance
  Because a switch floods unknown unicast, broadcast, and multicast frames by default, a single frame can loop endlessly through a redundant (multiple-path) network. The Spanning Tree Protocol (STP) is therefore run to prevent loops in a redundant switched network.
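The address-learning and forward/filter rules above, as a small transparent-switch simulation (added example, not part of the original review sheet; hosts, ports and MAC addresses are constructed). It also shows the "if there is space to store it" clause in action: once the MAC table is full, new source addresses are not learned, so frames to those hosts keep flooding out every port, which is the behaviour that switch port security (limiting MACs per port) exists to bound.

```python
"""Address learning, forward/filter and flooding of a transparent switch (added example)."""
from typing import Dict, List, Optional

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_multicast(mac: str) -> bool:
    """Group bit = least significant bit of the first octet (broadcast is a multicast too)."""
    return int(mac.split(":")[0], 16) & 1 == 1


class LearningSwitch:
    def __init__(self, ports: List[int], table_size: int = 4) -> None:
        self.ports = list(ports)
        self.table_size = table_size            # finite MAC table, as on real hardware
        self.mac_table: Dict[str, int] = {}     # MAC address -> port it was learned on

    def receive(self, in_port: int, src: str, dst: str) -> List[int]:
        """Process one frame and return the list of ports it is forwarded out of."""
        # Address learning: record the source MAC against the inbound port. A MAC that
        # moves is re-learned on its new port; a full table learns nothing new.
        if src in self.mac_table or len(self.mac_table) < self.table_size:
            self.mac_table[src] = in_port
        # Forward/filter: a known unicast goes out exactly one port (filtered from the
        # rest); unknown unicast, broadcast and multicast are flooded out every other port.
        out: Optional[int] = self.mac_table.get(dst)
        if out is None or dst == BROADCAST or is_multicast(dst):
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]  # destination on the inbound port: drop, don't echo


def demo() -> LearningSwitch:
    """Two constructed hosts (IANA documentation MAC range) on ports 1 and 2 of a 4-port switch."""
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    a, b = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
    print("A->B, B unknown:", sw.receive(1, a, b))   # flooded to ports 2, 3, 4; A learned on 1
    print("B->A, A known:  ", sw.receive(2, b, a))   # forwarded to port 1 only; B learned on 2
    print("MAC table:", sw.mac_table)
    return sw


if __name__ == "__main__":
    demo()
```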
Forwarding Modes in a Switch

Store-and-Forward
  Description: The entire frame is buffered, the CRC is checked for errors, and the frame is checked for a legal size (Ethernet: 64 to 1518 bytes).
  Latency: Relatively high; varies with frame size.

Cut-Through
  Description: The frame is forwarded as soon as the destination MAC address (the first 6 bytes) has arrived and been looked up in the MAC address table. Buffering stops at the 6th byte.
  Latency: Lowest; fixed delay from buffering 6 bytes. Not configurable on a Catalyst 1900.

Fragment-Free (Cisco)
  Description: The frame is forwarded once the first 64 bytes have arrived. Ethernet collisions normally occur within the first 64 bytes, so a frame that reaches 64 bytes is not a collision fragment.
  Latency: Low; fixed delay from buffering 64 bytes. Default on a Catalyst 1900.
Sources of Switching/Bridging Loops

Redundant Topology
  Unknown frames are flooded out all ports. If there are multiple paths, a flood goes out all ports except the originator and comes back in on the other ports, creating a loop.

Multiple Frame Copies
  Two machines live on (connect to) the same wire and send frames to each other without assistance. If two bridges/switches are attached to that wire and are also connected to each other, a new (unknown) frame from one machine goes directly to the other machine on the same wire, is also flooded through both bridges/switches over the connecting wire, and is flooded back by them onto the original wire. The receiving machine receives multiple copies of the same frame.

MAC Database Instability
  Because of the bridging/switching loop in the scenario above, one bridge/switch learns the same MAC address on different ports. If it then needs to forward a frame to that destination MAC address, it has two possible destination ports.
Solution to Bridging/Switching Loops

802.1D Spanning Tree Protocol (STP)
  - Bridges/switches communicate with Bridge Protocol Data Units (BPDUs). The BPDU carries the Bridge ID and the Root ID.
  - Each bridge/switch has a unique Bridge ID: the priority (or priority plus extended system ID) followed by the base MAC address of the bridge/switch. Only the priority (or priority plus extended system ID) can be modified.
  - The device with the lowest Bridge ID becomes the Root. Only the Root originates BPDUs; the other bridges/switches relay the Root's BPDUs out their designated ports.
  - Initially, before receiving any BPDUs from other devices, every bridge/switch assumes it is the Root and sends BPDUs to every other bridge/switch. This also happens whenever a new bridge/switch is added to an existing network.
  - After the round of BPDUs, every bridge/switch is aware of the lowest Bridge ID (the Root device). BPDUs are sent, by default, every two (2) seconds.
  - Every bridge/switch receives BPDUs from the Root. If BPDUs arrive on more than one port, there must be a loop in the network. The BPDU with the lowest root path cost is the best path to the Root.
  - The goal of every non-root bridge/switch is to find the most efficient path to the Root. Ports that are not on the most efficient path to the Root, and are not needed to reach any downstream bridge/switch, are blocked. Blocked ports still receive BPDUs.
  - If the primary path stops receiving BPDUs, STP eventually forwards frames on an alternate port: blocked ports are re-evaluated, the most efficient one is unblocked, and a path to the Root is re-established.
  - Forwarding ports on a segment are called Designated ports (DP). Blocked ports are also called non-Designated ports (BLK). The port that forwards toward the Root is the Root port (RP). The Root bridge/switch's ports never block and are always Designated ports (DP).
  - Bridge/switch convergence is the time between a break occurring and STP calculating an alternate path: typically 30 to 50 seconds.
  - Port convergence is the time it takes STP to decide whether a port will be forwarding or blocking: typically 50 seconds (20 s max age + 15 s listening + 15 s learning).
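The election and port-role rules above, worked for a small switched triangle (added example, not part of the original review sheet; switch names, priorities, MAC addresses and port costs are constructed). Root path cost is computed over the link costs, the root port is the neighbor offering the lowest cost (tie broken by the neighbor's Bridge ID, as a BPDU comparison would), the designated port on each segment is the end with the lower cost (tie broken by Bridge ID), and everything else is blocked. Because the election simply trusts whichever BPDU carries the lowest Bridge ID, any device on an access port that sends a lower-priority BPDU becomes Root; that is what BPDU guard and root guard on access ports are for.

```python
"""802.1D root election, root path cost and port roles for a small switched network (added example)."""
import heapq
from typing import Dict, List, Tuple

Link = Tuple[str, str, int]   # (switch, switch, port cost applied at both ends); one link per pair


def bridge_id(priority: int, mac: str) -> Tuple[int, int]:
    """Bridge ID as a comparable tuple: priority first, then the 48-bit base MAC. Lower wins."""
    return (priority, int(mac.replace(":", ""), 16))


def elect_root(bridges: Dict[str, Tuple[int, str]]) -> str:
    """The switch with the lowest Bridge ID becomes the Root."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def root_path_costs(root: str, bridges: Dict[str, Tuple[int, str]], links: List[Link]) -> Dict[str, int]:
    """Dijkstra over port costs: the lowest total cost to the Root wins, as BPDU comparison does."""
    adj: Dict[str, List[Tuple[str, int]]] = {name: [] for name in bridges}
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    best = {root: 0}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node]:
            continue
        for nbr, c in adj[node]:
            if cost + c < best.get(nbr, float("inf")):
                best[nbr] = cost + c
                heapq.heappush(heap, (cost + c, nbr))
    return best


def port_roles(bridges: Dict[str, Tuple[int, str]], links: List[Link]) -> Dict[Tuple[str, str], str]:
    """Assign RP / DP / BLK to every port, keyed by (switch, neighbor on that port)."""
    root = elect_root(bridges)
    cost = root_path_costs(root, bridges, links)
    bid = {name: bridge_id(*bridges[name]) for name in bridges}

    # Root port: the neighbor offering the lowest root path cost; ties go to the
    # neighbor (BPDU sender) with the lower Bridge ID.
    root_port: Dict[str, str] = {}
    best_key: Dict[str, Tuple[int, Tuple[int, int]]] = {}
    for a, b, c in links:
        for me, nbr in ((a, b), (b, a)):
            if me == root:
                continue
            key = (cost[nbr] + c, bid[nbr])
            if me not in best_key or key < best_key[me]:
                best_key[me], root_port[me] = key, nbr

    roles: Dict[Tuple[str, str], str] = {}
    for a, b, c in links:
        # Designated port on a segment: the end with the lower root path cost, tie -> lower Bridge ID.
        designated = min((a, b), key=lambda x: (cost[x], bid[x]))
        for me, nbr in ((a, b), (b, a)):
            if root_port.get(me) == nbr:
                roles[(me, nbr)] = "RP"
            elif me == designated:
                roles[(me, nbr)] = "DP"     # the Root's ports always land here
            else:
                roles[(me, nbr)] = "BLK"
    return roles


# Constructed triangle: equal default priorities, so the lowest MAC (SW1) wins the election.
BRIDGES = {
    "SW1": (32768, "00:00:00:00:00:01"),
    "SW2": (32768, "00:00:00:00:00:02"),
    "SW3": (32768, "00:00:00:00:00:03"),
}
LINKS: List[Link] = [("SW1", "SW2", 4), ("SW1", "SW3", 4), ("SW2", "SW3", 4)]

if __name__ == "__main__":
    print("root:", elect_root(BRIDGES))
    for port, role in sorted(port_roles(BRIDGES, LINKS).items()):
        print(f"{port[0]} port toward {port[1]}: {role}")
```

In the constructed triangle SW1 is Root, SW2 and SW3 each use their link to SW1 as Root port, and on the SW2-SW3 segment SW2 (lower Bridge ID) is designated while SW3's port blocks. Raising the cost of the SW1-SW3 link to 19 moves SW3's Root port to SW2 and blocks its direct port to SW1; lowering SW3's priority to 4096 makes SW3 the Root.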
IOS and Configuration File Locations

Memory Type   Contents
RAM           Operating environment (running IOS, running configuration, tables, and buffers)
NVRAM         Backup (startup) copy of the configuration file; a single file only
ROM           Bootstrap code, the ROM Monitor (ROMMON), and a limited IOS subset (RxBoot) if the hardware supports it
Flash         Compressed IOS image (uncompressed on the 2500 series); can also store other binary files if there is enough space
PCMCIA        Like Flash; some machines have multiple PCMCIA slots available
Shared I/O    I/O buffers for the interfaces
Enhanced Editing Commands

Function                                           Syntax
Move to beginning of line                          Ctrl-A
Move to end of line                                Ctrl-E
Move back one word                                 Esc-B
Move forward one word                              Esc-F
Recall previous command (up in history buffer)     Ctrl-P or up arrow
Move down through history buffer                   Ctrl-N or down arrow
Operating Modes

Mode            Prompt            Sample Functions
User            Router>           Read-only privileges: examine interface status, examine router status
Privileged      Router#           Full privileges to read, write, modify, copy, and delete: examine interface status, examine router status, examine the configuration file, change the IOS image and configuration file
                                  Example:
                                  Router> enable
                                  Password: <enable password or secret>
                                  Router#
Configuration   Router(config)#   Modify the active (running) configuration file
                                  Example:
                                  Router# configure terminal
                                  Router(config)#
Some Miscellaneous IOS Commands

Function                                                       Mode                 Syntax
Configure a banner                                             Config               Router(config)# banner motd # banner text #
Configure the router name                                      Config               Router(config)# hostname name
Examine the backup configuration in NVRAM                      Privileged           Router# show startup-config
Examine the active configuration in RAM                        Privileged           Router# show running-config
Display the contents of Flash memory                           User or Privileged   Router> show flash
Save the active configuration to NVRAM                         Privileged           Router# copy running-config startup-config
Restore the backup configuration to RAM (merges into, rather   Privileged           Router# copy startup-config running-config
than replaces, the running configuration)
Save the active configuration to a TFTP server                 Privileged           Router# copy running-config tftp
Restore a configuration file from a TFTP server                Privileged           Router# copy tftp running-config
Write the current IOS image out to a TFTP server               Privileged           Router# copy flash tftp
Load a different IOS image into the router                     Privileged           Router# copy tftp flash
Erase the backup configuration from NVRAM                      Privileged           Router# erase startup-config
Boot using a different IOS image in Flash                      Config               Router(config)# boot system flash filename
Boot from a TFTP server                                        Config               Router(config)# boot system tftp filename ip-address
Configure the router as a TFTP server                          Config               Router(config)# tftp-server flash filename
Reboot the router                                              Privileged           Router# reload
Use the setup utility                                          Privileged           Router# setup
Display directly connected Cisco neighbors                     User or Privileged   Router> show cdp neighbors
Display the command history buffer                             User or Privileged   Router> show history
Configure the length of the history buffer                     Privileged           Router# terminal history size line-count
Display the current IOS version, router uptime, amount of      User or Privileged   Router> show version
memory, and interfaces installed
Configure logout delay                                         Line Config          Router(config-line)# exec-timeout minutes seconds
Configure clocking on a DCE interface                          Interface Config     Router(config-if)# clock rate bps-value
Configure the bandwidth on an interface                        Interface Config     Router(config-if)# bandwidth kbps-value
Display the IP routing table                                   User or Privileged   Router> show ip route
Display the physical characteristics of an interface           User or Privileged   Router> show interfaces type number
Display the logical characteristics of an interface            User or Privileged   Router> show protocols type number

TFTP has no authentication and no encryption, so a configuration or IOS image copied with the tftp commands above travels in the clear; copy configurations only over a trusted management network.
Password Configuration

Mode                   Location         Syntax
User                   Console port     Router# configure terminal
                                        Router(config)# line console 0
                                        Router(config-line)# password string
                                        Router(config-line)# login
User                   Auxiliary port   Router# configure terminal
                                        Router(config)# line aux 0
                                        Router(config-line)# password string
                                        Router(config-line)# login
User                   VTY access       Router# configure terminal
                                        Router(config)# line vty 0 4
                                        Router(config-line)# password string
                                        Router(config-line)# login
Encrypting service     N/A              Router(config)# service password-encryption
passwords
Privileged (secret)    N/A              Router# configure terminal
                                        Router(config)# enable secret string
Privileged (enable)    N/A              Router# configure terminal
                                        Router(config)# enable password string

enable secret stores a salted MD5 hash (type 5) and takes precedence over enable password when both are configured. service password-encryption applies only the reversible type 7 obfuscation to the line and enable passwords: it hides them from someone glancing at the screen, not from anyone who obtains a copy of the configuration file.
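Why service password-encryption is obfuscation rather than protection, as an added example (not part of the original review sheet): type 7 strings are a two-digit key offset followed by the password XORed with a fixed key that is identical on every IOS device and has been public for decades. The functions below encode and decode type 7 strings and pull every "password 7" line out of a constructed running-config fragment. The sample passwords and the config fragment are constructed; the first decoded value, "cisco", is the widely published test vector 070C285F4D06.

```python
"""Cisco type 7 ("service password-encryption") encode/decode (added example)."""
from typing import List, Tuple

# Fixed key used by every IOS device for type 7 strings (long published).
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def type7_encode(plaintext: str, seed: int = 0) -> str:
    """Two-digit seed (key offset 0..15) followed by hex of plaintext XOR key stream."""
    if not 0 <= seed <= 15:
        raise ValueError("seed must be 0..15")
    data = plaintext.encode("ascii")
    stream = (TYPE7_KEY[(seed + i) % len(TYPE7_KEY)] for i in range(len(data)))
    return f"{seed:02d}" + "".join(f"{p ^ k:02X}" for p, k in zip(data, stream))


def type7_decode(encoded: str) -> str:
    """Reverse the transform. Raises ValueError for anything that is not a type 7 string."""
    if len(encoded) < 2 or len(encoded) % 2 or not encoded[:2].isdigit():
        raise ValueError("type 7 string must be a 2-digit seed plus hex pairs")
    seed = int(encoded[:2])
    if seed > 15:
        raise ValueError("type 7 seed must be 0..15")
    body = bytes.fromhex(encoded[2:])
    return bytes(c ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)] for i, c in enumerate(body)).decode("ascii")


def type7_strings_in_config(config: str) -> List[Tuple[str, str]]:
    """Return (config line, recovered plaintext) for every 'password 7 <hex>' line."""
    found = []
    for line in config.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[-3] == "password" and parts[-2] == "7":
            found.append((line.strip(), type7_decode(parts[-1])))
    return found


def demo_config() -> str:
    """Constructed running-config fragment; the type 7 strings are produced by type7_encode."""
    return "\n".join([
        "service password-encryption",
        f"enable password 7 {type7_encode('cisco', 7)}",
        "line con 0",
        f" password 7 {type7_encode('console-pw', 2)}",
        " login",
    ])


if __name__ == "__main__":
    for line, plaintext in type7_strings_in_config(demo_config()):
        print(f"{line!r:45} -> {plaintext!r}")
```

A type 5 enable secret cannot be recovered this way, which is the practical reason the page's enable secret command should always be preferred over enable password.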
Routing
The process of maintaining a table of destination network addresses. A router discards packets for networks it has no route to.

Sources of Routing Information

Static
  - Manually configured by an administrator
  - Must account for every destination network
  - Each static route must be configured on each router
  - No overhead in processing, sending, or receiving updates; saves bandwidth and router CPU
  - Routing table maintained by the administrator

Dynamic
  - A process that automatically exchanges information about available routes
  - Uses metrics to determine the best path to a destination network
  - The routing protocol must be configured on each router
  - Bandwidth is consumed as routing updates are transmitted between routers
  - Router CPU is used to process, send, and receive routing information
  - Routing table maintained by the routing process

Routing Configuration Commands

Static
  Router(config)# ip route dest-network subnet-mask {next-hop | exit-interface}
  - dest-network is the destination network being added to the table
  - subnet-mask is the mask of that destination network
  - next-hop is the IP address of the next router toward the destination
  - exit-interface is the local interface the packet is sent out of
  - Normally either the next-hop or the exit-interface is given; IOS also accepts both together (a fully specified static route)

  Example:
  Router# configure terminal
  Router(config)# ip route 172.16.0.0 255.255.0.0 serial0
  or
  Router(config)# ip route 172.16.0.0 255.255.0.0 172.16.1.1

Dynamic
  Router(config)# router protocol [keyword]
  Router(config-router)# network network-number
  - protocol is the routing protocol being used
  - keyword is an optional parameter for some routing protocols (for example the OSPF process ID)
  - network-number is the directly connected network that will send and receive routing updates; it enables every interface whose address falls in that network

  Example 1:
  Router# configure terminal
  Router(config)# router rip
  Router(config-router)# network 172.16.0.0
  Router(config-router)# network 192.168.20.0

  Example 2:
  Router(config)# router ospf 100
  Router(config-router)# network 172.16.0.0 0.0.255.255 area 0
  Router(config-router)# network 192.168.20.0 0.0.0.255 area 0
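The forwarding decision a router makes with the table the commands above build, as an added example (not part of the original review sheet): longest-prefix match over the installed routes, with the two outcomes the text describes, a match that forwards via a next hop or exit interface, and no match, which discards the packet unless a default route exists. Route entries, interface names and destination addresses are constructed.

```python
"""Longest-prefix-match lookup over a routing table of static and dynamic routes (added example)."""
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, NamedTuple, Optional


class Route(NamedTuple):
    network: IPv4Network
    next_hop: Optional[str]        # next-hop router address, or None
    exit_interface: Optional[str]  # local interface, or None
    source: str                    # "C" connected, "S" static, "R" RIP, "O" OSPF, ...


class RoutingTable:
    def __init__(self) -> None:
        self.routes: List[Route] = []

    def add(self, prefix: str, source: str,
            next_hop: Optional[str] = None, exit_interface: Optional[str] = None) -> None:
        """Mirror of 'ip route dest mask {next-hop | exit-interface}': at least one target."""
        if next_hop is None and exit_interface is None:
            raise ValueError("a route needs a next hop, an exit interface, or both")
        self.routes.append(Route(ip_network(prefix, strict=True), next_hop, exit_interface, source))

    def lookup(self, destination: str) -> Optional[Route]:
        """Return the most specific matching route, or None when the packet must be discarded."""
        dst = ip_address(destination)
        matches = [r for r in self.routes if dst in r.network]
        if not matches:
            return None
        # Longest prefix wins; a 0.0.0.0/0 default route only matches when nothing else does.
        return max(matches, key=lambda r: r.network.prefixlen)


def describe(route: Optional[Route]) -> str:
    """Render a lookup result the way a reader of 'show ip route' would expect."""
    if route is None:
        return "no route: packet discarded"
    target = ", ".join(x for x in (route.next_hop, route.exit_interface) if x)
    return f"{route.source} {route.network} via {target}"


def build_demo_table() -> RoutingTable:
    """Constructed table matching the static and dynamic examples above plus one RIP route."""
    rt = RoutingTable()
    rt.add("192.168.20.0/24", "C", exit_interface="Ethernet0")
    rt.add("172.16.0.0/16", "S", exit_interface="Serial0")
    rt.add("172.16.20.0/24", "R", next_hop="172.16.1.1")   # more specific than the /16
    return rt


if __name__ == "__main__":
    table = build_demo_table()
    for dst in ("172.16.5.1", "172.16.20.9", "192.168.20.7", "10.0.0.1"):
        print(f"{dst:14} -> {describe(table.lookup(dst))}")
    table.add("0.0.0.0/0", "S", next_hop="192.168.20.254")  # default route changes the last case
    print(f"{'10.0.0.1':14} -> {describe(table.lookup('10.0.0.1'))}")
```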
Types of Routing Protocol

Interior
  - Used within a common administrative domain called an Autonomous System (AS)
  - Typically a single AS is controlled by a single authority or company
  - Interior routing protocols are used within a corporate network

Exterior
  - Used to connect Autonomous Systems
  - Exchanges routing information between different administrative domains
  - Exterior protocols connect sites within a very large corporate network, or connect to the Internet

Classes of Routing Protocol

Distance Vector
  - Maintains a vector (direction and distance) to each network in the routing table
  - Typically sends periodic routing updates (on an update interval)
  - Typically sends the entire routing table during each update cycle
  - Routing updates are processed and then re-sent by each router, so the updates are second-hand information (routing by rumor)
  - Typically prone to routing loops (disagreement between routers) and count to infinity (routing metrics continue to accumulate indefinitely). Solutions to these problems include:
    - Split horizon: do not send updates back out the interface they came from; eliminates back-to-back router loops
    - Maximum metric: define a maximum metric; eliminates the count-to-infinity problem
    - Route poisoning: set the advertised metric to the maximum value on routes that have gone down
    - Poison reverse: overrides split horizon by informing the source of a route that it has gone down
    - Hold-down timers: eliminate long-distance loops by ignoring updates about possibly down routes that have metrics worse than the current metric
    - Triggered updates: send an individual update immediately when a route is thought to be down, rather than waiting for the periodic update timer (also called flash updates)

Link State
  - Maintains a complete topological map (database) of the entire network, separate from the routing table (forwarding table)
  - Sends updates only when necessary, and only the information that has changed, not the entire database
  - Sends information from the topology database, not from the routing table
  - The initial routing update is flooded to every link-state router in the network via a multicast IP address; each router receives the original advertisement, not a processed copy as with distance vector protocols
  - The routing table is calculated individually on each router from its database; this process is called Shortest Path First (SPF)
  - The database typically requires more memory than the routing table
  - Running SPF is CPU intensive
  - Uses hello packets to discover and maintain link-state neighbors throughout the network
Examples of Routing Protocols

Routing Information Protocol (RIP)   Distance vector   Interior
  - Sends periodic updates every 30 seconds by default
  - Sends the entire routing table out every interface, minus the routes learned from that interface (split horizon)
  - Uses hop count as the metric; the maximum reachable hop count is 15 (16 is defined as unreachable)
  - RIP v1 sends updates as a broadcast; RIP v2 uses the multicast address 224.0.0.9

Interior Gateway Routing Protocol (IGRP)   Distance vector   Interior
  - Sends periodic updates every 90 seconds by default
  - Sends the entire routing table out every interface, minus the routes learned from that interface (split horizon)
  - Uses a composite metric of bandwidth, delay, reliability, and load (MTU is carried in updates but not used in the calculation); only bandwidth and delay are used by default (configurable)
  - Tracks hop count but only as a limit/tie-breaker; the default maximum hop count is 100, configurable up to 255
  - Sends updates as a broadcast

Enhanced Interior Gateway Routing Protocol (EIGRP)   Advanced distance vector   Interior
  - Considered an advanced distance vector routing protocol; uses the Diffusing Update Algorithm (DUAL)
  - Sends triggered updates when necessary, containing only the information that has changed, not the entire routing table
  - Uses the same composite metric as IGRP (bandwidth, delay, reliability, load; MTU carried but not used); only bandwidth and delay by default (configurable)
  - Tracks hop count but only as a limit/tie-breaker; the default maximum hop count is 100, configurable up to 255
  - Sends updates to the multicast address 224.0.0.10

Open Shortest Path First (OSPF)   Link state   Interior
  - Sends triggered updates when necessary, containing only the information that has changed
  - Uses a cost metric; on Cisco routers the cost is derived from interface bandwidth (reference bandwidth divided by interface bandwidth)
  - Uses two multicast addresses: 224.0.0.5 (all OSPF routers) and 224.0.0.6 (designated routers)

Border Gateway Protocol (BGP)   Path vector   Exterior
  - A path-vector protocol, in effect a very advanced distance vector protocol
  - Sends triggered updates when necessary, containing only the information that has changed
  - Uses a complex set of path attributes rather than a single metric
Access List Syntax

Direction
  Inbound: Packets are examined as they arrive, before they are routed. A denied packet is dropped before the router spends CPU cycles on a route lookup.
  Outbound: Packets are examined after they have been routed to the destination interface, so packets can be discarded after they have been routed. Out is the default direction when applying an access list to an interface.

Standard
  Router(config)# access-list number {permit | deny} source-ip wildcard-mask
  - number is in the range 1-99 or 1300-1999
  - Each line either permits or denies
  - Examines only the source IP address of the IP packet
  - The wildcard mask allows a single line to match a range of IP addresses; the default mask is 0.0.0.0
  - A wildcard mask of 0.0.0.0 means an exact match of the source IP address; the keyword host can replace the mask 0.0.0.0
  - A wildcard mask of 255.255.255.255 matches every IP address; the keyword any can replace the address and mask 0.0.0.0 255.255.255.255

Extended
  Router(config)# access-list number {permit | deny} protocol source-ip source-wildcard [operator source-port] destination-ip destination-wildcard [operator destination-port]
  - number is in the range 100-199 or 2000-2699
  - Each line either permits or denies
  - Examines the IP header and the transport header: source and destination addresses, protocol, and ports
  - protocol can be ip, icmp, igrp, eigrp, ospf, udp, tcp, and others
  - Port numbers are optional and can only be given when the protocol is tcp or udp; port numbers are in the range 0-65535
  - With a protocol of icmp, the port position is used instead for an ICMP type and code
  - Operators are eq, gt, lt, neq, or range: eq is equal to, lt is less than, gt is greater than, neq is not equal to, and range is a range of ports; operators are only used with tcp or udp
  - Wildcard mask rules are the same as for a standard list (0.0.0.0 or host for an exact match, 255.255.255.255 or any for every address)
  - Every access list ends with an implicit deny any, so a list containing only deny statements blocks all traffic

Named
  Same structure as standard or extended, but identified by an alphanumeric name instead of a number
  Router(config)# ip access-list standard name
  Router(config-std-nacl)# {permit | deny} source-ip wildcard-mask
  or
  Router(config)# ip access-list extended name
  Router(config-ext-nacl)# {permit | deny} protocol source-ip source-wildcard [operator source-port] destination-ip destination-wildcard [operator destination-port]

Interface
  Router(config-if)# ip access-group {number | name} {in | out}
  - number or name is the access list being referenced (standard, extended, or named)
  - in or out specifies the direction of packet flow through the interface for which the list is evaluated; out is the default

Virtual Terminal (VTY)
  Router(config)# line vty vty-number [last-vty-number]
  Router(config-line)# access-class {number | name} {in | out}
  - Restricts incoming or outgoing VTY connections to the addresses in the access list
  - number or name is the access list being referenced (standard, extended, or named)
IP Access Lists

Type       Numbers               Criteria                                                                                   Location
Standard   1-99, 1300-1999       Source IP address                                                                          Close to the destination
Extended   100-199, 2000-2699    Source IP address, destination IP address, protocol number, source port, destination port   Close to the source
Named      Alphanumeric string   Same as standard or extended                                                               Close to the destination or the source, as for the underlying type

Wildcard Masks

Mask              Match (must be equal)   Don't Care          Example (address as matched)
0.0.0.0           Every octet             N/A                 172.16.10.1 = 172.16.10.1
0.0.0.255         First three octets      Last octet          172.16.10.1 = 172.16.10.0
0.0.255.255       First two octets        Last two octets     172.16.10.1 = 172.16.0.0
0.255.255.255     First octet             Last three octets   172.16.10.1 = 172.0.0.0
255.255.255.255   N/A                     Every octet         172.16.10.1 = 0.0.0.0
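Wildcard-mask matching and first-match access-list evaluation, as an added example (not part of the original review sheet) covering both the Access List Syntax section and the wildcard table above. A 0 bit in the wildcard must match and a 1 bit is "don't care", the opposite of a subnet mask; evaluation stops at the first matching line and falls through to the implicit deny. Because order decides, the block also includes a check for lines that can never be reached because an earlier line already covers everything they would match, a common cause of access lists that look right but do not filter what was intended. The access-list entries and sample packets are constructed.

```python
"""Wildcard-mask matching, first-match ACL evaluation, and shadowed-line detection (added example)."""
from ipaddress import IPv4Address
from typing import List, NamedTuple, Optional


def wildcard_match(address: str, base: str, wildcard: str) -> bool:
    """A 0 bit in the wildcard must match; a 1 bit is 'don't care'."""
    a, b, w = (int(IPv4Address(x)) for x in (address, base, wildcard))
    return (a ^ b) & ~w & 0xFFFFFFFF == 0


class Ace(NamedTuple):
    """One access-list line. 'any' == wildcard 255.255.255.255; 'host' == wildcard 0.0.0.0."""
    action: str                      # "permit" or "deny"
    protocol: str                    # "ip", "tcp", "udp", "icmp"
    src: str
    src_wild: str
    dst: str = "0.0.0.0"             # standard lists only look at the source: dst defaults to any
    dst_wild: str = "255.255.255.255"
    dst_port: Optional[int] = None   # tcp/udp only, compared as 'eq'


class Packet(NamedTuple):
    protocol: str
    src: str
    dst: str
    dst_port: Optional[int] = None


def evaluate(acl: List[Ace], pkt: Packet) -> str:
    """First matching line decides; no match -> the implicit 'deny any' at the end of every ACL."""
    for ace in acl:
        if ace.protocol != "ip" and ace.protocol != pkt.protocol:
            continue
        if not wildcard_match(pkt.src, ace.src, ace.src_wild):
            continue
        if not wildcard_match(pkt.dst, ace.dst, ace.dst_wild):
            continue
        if ace.dst_port is not None and ace.dst_port != pkt.dst_port:
            continue
        return ace.action
    return "deny"


def covers(earlier: Ace, later: Ace) -> bool:
    """True if every packet 'later' could match is already decided by 'earlier'."""
    def addr_subset(base_l: str, wild_l: str, base_e: str, wild_e: str) -> bool:
        bl, wl, be, we = (int(IPv4Address(x)) for x in (base_l, wild_l, base_e, wild_e))
        # later's don't-care bits must be within earlier's, and the fixed bits must agree
        return (wl & ~we) & 0xFFFFFFFF == 0 and (bl ^ be) & ~we & 0xFFFFFFFF == 0
    proto_ok = earlier.protocol == "ip" or earlier.protocol == later.protocol
    port_ok = earlier.dst_port is None or earlier.dst_port == later.dst_port
    return (proto_ok and port_ok
            and addr_subset(later.src, later.src_wild, earlier.src, earlier.src_wild)
            and addr_subset(later.dst, later.dst_wild, earlier.dst, earlier.dst_wild))


def shadowed_lines(acl: List[Ace]) -> List[int]:
    """0-based indexes of lines that can never be reached because an earlier line covers them."""
    return [i for i, ace in enumerate(acl) if any(covers(acl[j], ace) for j in range(i))]


# Constructed extended list: let 172.16.10.0/24 reach only the web server, the rest of 172.16/16 anything.
ACL_101 = [
    Ace("permit", "tcp", "172.16.0.0", "0.0.255.255", "10.0.0.5", "0.0.0.0", 80),
    Ace("deny", "ip", "172.16.10.0", "0.0.0.255"),
    Ace("permit", "ip", "172.16.0.0", "0.0.255.255"),
]

if __name__ == "__main__":
    for pkt in (Packet("tcp", "172.16.10.1", "10.0.0.5", 80), Packet("tcp", "172.16.10.1", "10.0.0.5", 443),
                Packet("udp", "172.16.20.1", "10.0.0.9", 53), Packet("icmp", "192.168.1.1", "10.0.0.5")):
        print(pkt, "->", evaluate(ACL_101, pkt))
    print("shadowed lines in ACL 101:", shadowed_lines(ACL_101))
```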
Network Address Translation (NAT)

Function                                                                Syntax
Mark the interface as connected to the inside                           Router(config-if)# ip nat inside
Mark the interface as connected to the outside                          Router(config-if)# ip nat outside
Establish a static translation between an inside local address          Router(config)# ip nat inside source static local-ip global-ip
and an inside global address
Define a pool of global addresses to be allocated as needed             Router(config)# ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
Establish dynamic source translation to a pool for the addresses        Router(config)# ip nat inside source list access-list-number pool name
permitted by the ACL
Establish dynamic source translation to an interface address, with      Router(config)# ip nat inside source list access-list-number interface interface overload
port overloading (PAT), for the addresses permitted by the ACL
Display active translations                                             Router# show ip nat translations
Display translation statistics                                          Router# show ip nat statistics
Clear all dynamic address translation entries                           Router# clear ip nat translation *
Clear a simple dynamic translation entry that has an inside             Router# clear ip nat translation inside global-ip local-ip [outside local-ip global-ip]
translation, or both inside and outside translations
Clear a simple dynamic translation entry that has an outside            Router# clear ip nat translation outside local-ip global-ip
translation
Clear an extended dynamic translation entry                             Router# clear ip nat translation protocol inside global-ip global-port local-ip local-port [outside local-ip local-port global-ip global-port]
WAN Connection Types

Leased Line
  - A pre-established, private connection from one site to another through a provider's network
  - Also called a dedicated circuit or a dedicated connection
  - Always a point-to-point connection between two end points
  - Used when there is a constant flow of data, or when a dedicated amount of bandwidth is required
  - One router interface is connected to one destination site
  - Examples: PPP, HDLC

Circuit Switching
  - A dial-up connection through a provider's voice-grade network
  - Uses either an analog modem or an ISDN connection
  - Used when only a slow-speed connection is needed, or when there is not much data to transfer
  - One call establishes a circuit to one destination site
  - Examples: PPP, HDLC, SLIP

Packet Switching
  - Each site uses only one physical connection into the provider's network, but there may be multiple virtual circuits to various destinations
  - Typically less expensive than leased lines, because various data streams are mixed across a single link
  - Used when a dedicated connection is needed but cost savings are important
  - Examples: Frame Relay, X.25

Cell Switching
  - Each site uses only one physical connection into the provider's network, but there may be multiple virtual circuits to various destinations
  - Typically less expensive than leased lines, because various data streams are mixed across a single link
  - Uses fixed-size packets called cells to achieve faster and more predictable transport through the network
  - Examples: ATM, SMDS

High-Level Data Link Control (HDLC)
  - A serial encapsulation; Cisco's HDLC adds a proprietary type field so that multiple network-layer protocols can travel across the link
  - Default encapsulation for all serial interfaces on a Cisco router
  - One router interface goes to only one destination

Point-to-Point Protocol (PPP)
  - An open-standard serial encapsulation
  - Allows multiple network-layer protocols to travel across the link
  - Allows optional link-layer authentication (CHAP or PAP); PAP sends the password in clear text, CHAP uses a challenge/response and never sends it on the wire
  - One router interface goes to only one destination

Serial Line Internet Protocol (SLIP)
  - An open-standard serial encapsulation
  - Allows only IP to travel across the link
  - One router interface goes to only one destination

Frame Relay
  - A very popular packet switching standard
  - Uses switched virtual circuits (SVCs) or permanent virtual circuits (PVCs)
  - Allows multiple network-layer protocols to travel across the link
  - Each virtual circuit is a private channel between two end points
  - One router interface may have many virtual circuits, going to the same location or various locations

X.25
  - An old, but still available, packet switching standard
  - Uses switched virtual circuits (SVCs) or permanent virtual circuits (PVCs)
  - Allows multiple network-layer protocols to travel across the link
  - Each virtual circuit is a private channel between two end points
  - One router interface may have many virtual circuits, going to the same
Popular WAN Terms
Customer Premise Equipment (CPE)
  Network devices/equipment physically located at the customer's location/site
  Customer is typically required to procure/maintain this equipment
  Equipment could include routers and CSU/DSUs
Central Office (CO)
  The facility that provides WAN services to the customer
  Source of analog phone service, ISDN service, DSL service, frame relay connections, X.25 connections, and leased lines
Local Loop
  The link from the provider's CO to the customer's demarc
  Also called the last mile
  Normally not more than a few miles
Demarcation Point (Demarc)
  The line between the customer site and the provider network
  Inside of the demarc is the CPE
  Outside of the demarc is the local loop
Toll Network
  The provider's network
  Inside the WAN cloud
  Typically smoke and mirrors to a customer
ISDN Interface Types
Basic Rate Interface (BRI)
  2 Bearer (B) channels, 64 Kbps data each
  1 control channel (D), 16 Kbps
Primary Rate Interface (PRI)
  23 Bearer (B) channels, 64 Kbps data each across a T1 circuit, typically seen in North America and Japan
  30 Bearer (B) channels, 64 Kbps data each across an E1 circuit, typically seen in Australia and Europe
  1 control channel (D), 64 Kbps
ISDN Device Types
Network Termination 1 (NT-1)
  Converts BRI signals into a form used by the ISDN digital line
Network Termination 2 (NT-2)
  The aggregation point of ISDN services at a customer site
Terminal Adapter (TA)
  Converts analog signals into BRI signals
Terminal Endpoint 1 (TE-1)
  A device that has an ISDN interface, such as a router
Terminal Endpoint 2 (TE-2)
  A device that does not have any ISDN interfaces and requires a TA to access the ISDN network, such as a PC
ISDN Reference Points
Reference Point Function
R The point between a non-ISDN device and the TA
S The point between the TA and the NT-2, or between ISDN devices and the NT-2
T The point between the NT-2 and the NT-1
U The point between the NT-1 and the ISDN provider
ISDN Protocols
Recommendation Series / Function
E-series: Recommend telephone network standards
I-series: Deal with concepts, terminology, and general methods used within ISDN
Q-series: Cover switching and signaling through the ISDN cloud
Sample ISDN Commands
Configure the ISDN switch type (config mode)
  Router(config)# isdn switch-type switch-type
  switch types include basic-dms100, basic-5ess, and basic-ni
Create a static route (config mode)
  Router(config)# ip route network mask destination-ip
  network is the network on the other side of the ISDN cloud, since there is no dynamic routing protocol running across the ISDN network
  mask is the subnet mask that specifies the distant network
  destination-ip is the IP address of the BRI interface of the remote site
Create a dialer list (config mode)
  Router(config)# dialer-list number protocol protocol permit
  number can be from 1 to 10
  protocol can be any protocol, such as IP or IPX
Access the BRI interface (config mode)
  Router(config)# interface bri number
Assign SPID numbers (interface config mode)
  Router(config-if)# isdn spid1 spid-number
  spid-number is the logical circuit ID assigned by the ISDN provider
  there might be two SPID numbers, in which case the second one is configured as spid2
Reference the dialer list (interface config mode)
  Router(config-if)# dialer-group number
  number is the dialer list created earlier
Create a map to point to and dial the remote site (interface config mode)
  Router(config-if)# dialer map protocol destination-ip dial-number
  protocol is the protocol being mapped across the ISDN cloud, such as IP or IPX
  destination-ip is the IP address of the BRI port on the other side of the ISDN cloud, as specified by the static route
  dial-number is the ISDN phone number of the remote site
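The seven ISDN commands above form one procedure, so here is the complete dial-on-demand configuration for a BRI link to a single remote site. This is an added example and not part of the review sheet. The switch type, SPID values, the 192.168.100.0/24 link subnet, the 10.2.0.0/16 remote network, the dial number and the hostnames LOCAL/REMOTE are constructed. The `encapsulation ppp`, `ppp authentication chap`, `username`, `hostname`, `dialer idle-timeout` commands and the `name`/`broadcast` options of `dialer map` are standard IOS commands not listed in the table; they are included because the PPP row of the WAN table above mentions CHAP, and are assumptions about the link rather than something the sheet specifies.

```ios
! Added example (not from the review sheet): ISDN BRI dial-on-demand routing
! to one remote site, with CHAP on the PPP link. All values are constructed.
hostname LOCAL
!
! CHAP credentials for the remote router (assumed IOS command; secret is a placeholder).
username REMOTE password 0 SECRET-PLACEHOLDER
!
! Switch type must match what the ISDN provider runs on the line.
isdn switch-type basic-ni
!
! Static route to the remote LAN via the far-end BRI address. No routing protocol
! runs across the link, so routing-protocol hellos cannot keep the call up.
ip route 10.2.0.0 255.255.0.0 192.168.100.2
!
! Dialer list 1: only IP traffic counts as "interesting" and may bring the link up.
dialer-list 1 protocol ip permit
!
interface BRI0
 ip address 192.168.100.1 255.255.255.0
 ! PPP with CHAP so that the far end must prove its identity before the link is used
 ! (assumed commands, see lead-in).
 encapsulation ppp
 ppp authentication chap
 ! SPIDs handed out by the provider, one per B channel (constructed values).
 isdn spid1 51055510000101
 isdn spid2 51055510010101
 ! Bind this interface to dialer list 1 defined above.
 dialer-group 1
 ! Map the far-end BRI address to its ISDN number; 'name' ties the map to the CHAP
 ! hostname, 'broadcast' lets broadcast/multicast traffic cross the map (assumed options).
 dialer map ip 192.168.100.2 name REMOTE broadcast 5552000
 ! Drop the call after two idle minutes so an idle circuit does not stay up and cost money
 ! (assumed command).
 dialer idle-timeout 120
```

Because the dialer list decides which packets trigger a call, a permit-all list combined with chatty background traffic is the usual cause of a BRI link that never hangs up; checking what the router considers interesting is the first thing to verify when call charges look wrong.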
Frame Relay Terms
Local Access Rate
  Connection rate between a frame relay site and the frame relay provider. Many virtual circuits run across a single access point.
Virtual Circuit
  Logical connection between two end points
  Permanent Virtual Circuit (PVC): the circuit is always available, and the bandwidth for the circuit is always allocated
  Switched Virtual Circuit (SVC): the circuit is built when needed, and the bandwidth is returned when the circuit is closed
Data Link Connection Identifier (DLCI)
  The local reference to one end of a virtual circuit. The DLCI numbers are assigned by the frame relay provider.
Committed Information Rate (CIR)
  The maximum allowed bandwidth through the PVC from one end to the other. Each PVC can have a unique CIR.
Inverse Address Resolution Protocol (IARP)
  The process by which a frame relay device, such as a router, discovers the network-layer information about the devices at the other end of its PVCs.
Local Management Interface (LMI)
  Signaling between the frame relay device (the router) and the frame relay switch (the provider). LMI does not travel across the entire PVC from one end to the other.
Sample Frame Relay Commands
Access the serial interface (config mode)
  Router(config)# interface serial number
Change the encapsulation (interface config mode)
  Router(config-if)# encapsulation frame-relay option
  option can be either cisco (default) or ietf (open standard)
Specify the LMI type (interface config mode)
  Router(config-if)# frame-relay lmi-type lmi-type
  lmi-type can be cisco, ansi, or q933a
  this command is normally not needed, as the router will automatically sense the LMI type if it is configured by the provider
Assign the local DLCI (interface config mode)
  Router(config-if)# frame-relay interface-dlci local-dlci
  local-dlci is the DLCI number of the PVC that terminates on this interface. There can be more than one DLCI on an interface.
  this command is not needed on a major (physical) interface, since the router will automatically retrieve the DLCIs from the frame relay switch.
Create a sub-interface (config mode)
  Router(config)# interface serial number.sub-number point-to-point | multipoint
  point-to-point defines a subinterface that will only have one DLCI (interface-dlci command)
  multipoint defines a subinterface that may have more than one DLCI (interface-dlci command)
Create a static map (interface config mode)
  Router(config-if)# frame-relay map protocol destination-ip local-dlci
  protocol is the protocol being mapped across the frame relay cloud, such as IP or IPX
  destination-ip is the IP address of the frame relay interface at the other end of the PVC
  local-dlci is the local DLCI needed to access the remote site
  this command is not needed if inverse ARP is properly configured and the interface-dlci command is used
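The Frame Relay commands above combined into one configuration that shows both subinterface styles on a single physical serial interface. This is an added example, not one from the review sheet. The DLCI numbers (101, 201, 202), the 10.1.x.x addresses and the interface numbering are constructed; in practice the provider assigns the DLCIs. The `no ip address`, `no frame-relay inverse-arp` and `broadcast` keyword, and the `show frame-relay pvc`, `show frame-relay map` and `show frame-relay lmi` commands are standard IOS commands not listed in the table and are assumptions here.

```ios
! Added example (not from the review sheet): one physical interface, two subinterfaces,
! three PVCs. DLCIs and addresses are constructed; real DLCIs come from the provider.
interface Serial0/0
 ! No address on the physical interface; each subinterface carries its own subnet.
 no ip address
 ! Open-standard encapsulation so the far end need not be a Cisco router.
 encapsulation frame-relay ietf
 ! Normally auto-sensed; set explicitly here to match what the provider runs.
 frame-relay lmi-type ansi
!
! Point-to-point subinterface: exactly one DLCI, so no map is needed and Inverse ARP
! has nothing to discover.
interface Serial0/0.101 point-to-point
 ip address 10.1.1.1 255.255.255.252
 frame-relay interface-dlci 101
!
! Multipoint subinterface: several DLCIs share one subnet. Static maps make the
! next-hop-to-DLCI binding explicit instead of trusting what Inverse ARP reports.
interface Serial0/0.200 multipoint
 ip address 10.1.2.1 255.255.255.0
 ! Assumed command: turn off Inverse ARP once static maps cover every neighbour.
 no frame-relay inverse-arp
 frame-relay map ip 10.1.2.2 201 broadcast
 frame-relay map ip 10.1.2.3 202 broadcast
!
! Verification from privileged EXEC (assumed standard IOS show commands):
!   show frame-relay pvc   -> PVC status (ACTIVE/INACTIVE/DELETED) per DLCI
!   show frame-relay map   -> address-to-DLCI bindings, static or dynamic
!   show frame-relay lmi   -> LMI keepalive counters between router and switch
```

A DLCI that the provider reports as DELETED in `show frame-relay pvc` is one the switch does not know about, which usually means the local `interface-dlci` value does not match the circuit the provider actually provisioned.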